From ffb1344ad48293bad26f6fed6b7f1cc1897f2a2c Mon Sep 17 00:00:00 2001 From: Paul Pound Date: Mon, 15 May 2017 14:21:12 -0300 Subject: [PATCH] added check to validate lastname matches what is stored in relais --- includes/form.inc | 19 +++++++++++++------ includes/relais.inc | 14 ++++++++++---- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/includes/form.inc b/includes/form.inc index 543fd22..18755c1 100644 --- a/includes/form.inc +++ b/includes/form.inc @@ -37,6 +37,16 @@ function upei_roblib_ill_form($form, &$form_state) { * An array containing the Drupal form state. */ function upei_roblib_ill_form_validate($form, &$form_state) { + module_load_include('inc', 'upei_roblib_ill', 'includes/relais'); + if ($form_state['step'] == 'upei_roblib_ill_auth_form') { + $aid = upei_roblib_ill_authenticate($form_state['values']['campus_id'], $form_state['values']['Surname']); + if (is_array($aid) && isset($aid['Problem']['Message'])) { + form_set_error('Surname', $aid['Problem']['Message']); + } + else { + $form_state['storage']['aid'] = $aid; + } + } if ($form_state['step'] == 'upei_roblib_ill_request_form' && empty($form_state['values']['doi']) && empty($form_state['values']['Title']) && empty($form_state['values']['ArticleTitle']) ) { @@ -54,7 +64,7 @@ function upei_roblib_ill_form_validate($form, &$form_state) { * An array containing the Drupal form state. */ function upei_roblib_ill_form_submit($form, &$form_state) { - module_load_include('inc', 'upei_roblib_ill', 'includes/relais'); + $form_state['storage'][$form_state['step']] = $form_state['values']; switch ($form_state['step']) { case 'upei_roblib_ill_request_form': 
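Review bot: In the first form.inc hunk, the `else` branch stores whatever `upei_roblib_ill_authenticate()` returned unless it is an array carrying `['Problem']['Message']`, so a decoded response with neither a problem nor an `AuthorizationId` passes validation and only fails later in the submit step. Accepting the value only when it is a non-empty string closes that gap, e.g. `if (!is_string($aid) || $aid === '') {` followed by the `form_set_error()` call with a fallback message. The text handed to `form_set_error()` comes from the remote service or from `$result->error`, and Drupal 7 prints these messages without escaping them, so it should go through `check_plain()` first. `$form_state['values']['Surname']` is also passed on untrimmed, which matters because the comparison added in relais.inc is strict.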
@@ -65,8 +75,7 @@ function upei_roblib_ill_form_submit($form, &$form_state) { break; case 'upei_roblib_ill_auth_form': //process the form - $aid = upei_roblib_ill_authenticate($form_state['values']['campus_id']); - $response = upei_roblib_ill_add_request($form_state, $aid); + $response = upei_roblib_ill_add_request($form_state, $form_state['storage']['aid']); $form_state['redirect'] = array( 'upei/roblib/ill/finished', array( @@ -89,12 +98,10 @@ function upei_roblib_ill_form_redirect() { //TODO phone number, email etc. could be variables read from the database. $std_message = "
To contact the department about this request, you can send a message to ill@upei.ca or call 902-566-0445
"; - return "
" . $_GET['message'] . '
'. $std_message; + return "
" . $_GET['message'] . '
' . $std_message; } - - /** * The patron portion of the ILL form. * diff --git a/includes/relais.inc b/includes/relais.inc index e6f6ab2..3d36bb3 100644 --- a/includes/relais.inc +++ b/includes/relais.inc @@ -45,7 +45,7 @@ function upei_roblib_ill_add_request($form_state, $aid) { if(!isset($aid) || is_array($aid)) { upei_roblib_ill_log_request($relais_arr, $aid); drupal_set_message(t('Error retrieving authentication token, @message', array('@message' => $aid['Problem']['Message'])), 'error'); - return array('ConfirmMessage' => $aid['Problem']['Message'] . ' You may have entered an incorrect Campus ID'); + return array('ConfirmMessage' => t('There was an error processing your request, @msg', array('@msg' => $aid['Problem']['Message']))); } $result = drupal_http_request($url . '?aid=' . $aid, $options); module_load_include('inc', 'upei_roblib_ill', 'includes/db'); @@ -65,7 +65,7 @@ function upei_roblib_ill_add_request($form_state, $aid) { * @return string/array * Returns a Relais authentication id (token) or an array containing the Relais response error which should include the error message if authentication fails */ -function upei_roblib_ill_authenticate($barcode) { +function upei_roblib_ill_authenticate($barcode, $surname) { $url = variable_get('upei_roblib_ill_auth_url', 'https://caul-cbua.relais-host.com/portal-service/user/authentication'); $json_arr = array(); $json_arr['ApiKey'] = variable_get('upei_roblib_ill_relais_key'); 
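Review bot: In `upei_roblib_ill_form_redirect()`, the re-spaced `return` still concatenates `$_GET['message']` into the page markup without escaping, so any text supplied in the query string is rendered as HTML on this page. Escape it at output and tolerate a missing parameter: `$message = isset($_GET['message']) ? check_plain($_GET['message']) : '';`, then use `$message` in the returned string. If the value placed in the redirect is the `ConfirmMessage` built in relais.inc (the redirect array is cut off in this view), note that it has already passed through `t()` with an `@` placeholder, so check the final output for double escaping. The function body starts above the hunk.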
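Review bot: `$surname` is now a required parameter of `upei_roblib_ill_authenticate()`, but the docblock above the signature lies outside every hunk of this patch, so it gained no `@param` entry. Add `@param string $surname` with a description such as `The last name the patron entered; compared with the LastName field of the Relais response.`, and extend the `@return` text to say that a surname mismatch also yields the error array. Only the call in form.inc is updated here, so any other caller would now be invoked with too few arguments; a search for the function name before merging would confirm there is none.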
@@ -80,14 +80,20 @@ function upei_roblib_ill_authenticate($barcode) { 'headers' => array('Content-Type' => 'application/json'), ); $result = drupal_http_request($url, $options); + if($result->code != '200') { + $response_data['Problem']['Message'] = $result->error; + return $response_data; + } $response_data = json_decode($result->data, TRUE); if ($result->code == '200') { - if (isset($response_data['Problem'])) { + if (isset($response_data['Problem']) || $response_data['LastName'] !== $surname) { + $err_message = isset($response_data['Problem']['Message']) ? $response_data['Problem']['Message'] : ''; + $err_message .= t( ' Your Campus ID could be incorrect or your Last Name does not match what is stored in the profile for the user with the specified Campus ID'); + $response_data['Problem']['Message'] = $err_message; return $response_data; } $aid = $response_data['AuthorizationId']; } return isset($aid) ? $aid : $response_data; - }
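Review bot: The new condition reads `$response_data['LastName']` without checking that the key exists, so a 200 response that lacks it, or a body `json_decode()` cannot parse, evaluates to NULL and is reported to the patron as a name mismatch. Guarding it, e.g. `$stored = isset($response_data['LastName']) ? $response_data['LastName'] : NULL;` and comparing `$stored !== trim($surname)`, keeps that failure explicit; whether case differences should be tolerated is a policy choice worth stating in a comment. The message built here also keeps Relais's own text in front of the generic sentence only when Relais reported a problem, which presumably lets a caller tell an unknown Campus ID from a wrong surname; returning one fixed message and sending the Relais detail to `watchdog()` would avoid that. With the early return added above, the remaining `if ($result->code == '200')` is always true and can be dropped. The function starts above the hunk.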